Invalid MAC addresses seen in Intrusion Prevention logs

Article ID: 176003

Updated On:

Products

Endpoint Protection

Issue/Introduction

On the Symantec Endpoint Protection (SEP) client, Intrusion Prevention Service (IPS) detections may, in rare instances, include an invalid value for the local or source MAC address of the devices involved.

Cause

This occurs as a result of corrupted event logs sent by the SEP client to the SEP Manager. The SEP Manager reads the ASCII strings as binary values and translates them accordingly.
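The following is an added illustration, not Symantec code and not the actual SEP log format: it models this class of fault by treating the ASCII characters of a MAC string as raw octets, then shows a triage heuristic an analyst could run over exported IPS log values. The sample MAC address and all function names are constructed for the example.

```python
import re

# ASCII codes of the characters that can appear in a hex-digit string.
HEX_ASCII = set(b"0123456789abcdefABCDEF")

def parse_mac(text):
    """Return the 6 octets of a MAC string, or None if it is not well-formed."""
    digits = re.sub(r"[:\-.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        return None
    return bytes.fromhex(digits)

def format_mac(octets):
    return ":".join(f"{b:02X}" for b in octets)

def misread_ascii_as_binary(mac_text):
    """Assumed fault model: the first six ASCII characters of the
    hex-digit string are taken as the six raw octets of the address."""
    digits = re.sub(r"[:\-.]", "", mac_text)
    return format_mac(digits.encode("ascii")[:6])

def recovered_prefix(mac_text):
    """If every octet is an ASCII hex digit, decode them back to the
    first three octets of the address that was probably intended."""
    octets = parse_mac(mac_text)
    if octets is None or not all(b in HEX_ASCII for b in octets):
        return None
    return format_mac(bytes.fromhex(octets.decode("ascii")))

def triage(mac_text):
    """Classify a logged MAC value for review."""
    octets = parse_mac(mac_text)
    if octets is None:
        return "malformed"
    if octets == bytes(6):
        return "all-zero"
    if all(b in HEX_ASCII for b in octets):
        return "suspect-ascii"  # octets look like text, not an address
    return "plausible"

if __name__ == "__main__":
    real = "00:1A:2B:3C:4D:5E"  # constructed sample address
    logged = misread_ascii_as_binary(real)
    print(real, "->", logged, triage(logged), recovered_prefix(logged))
```

The `suspect-ascii` result is a heuristic: a genuine address whose octets all happen to fall in the ASCII hex-digit ranges would also match, so treat it as a prompt to compare against the client's known adapters rather than as proof of corruption.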

Resolution

This issue is fixed in Symantec Endpoint Protection (SEP) 14.3 RU1. For information on how to obtain the latest build of Symantec Endpoint Protection, see "Download the latest version of Symantec software".

Additional Information

ESCRT-2401